Android/Zitmo.F pretends to the anti-virus software.
Android/Zitmo.F shows an activation key when its application is executed manually.
Android/Zitmo.F posts phone number, IMEI, IMSI and incoming SMS message to local host. As a result, sensitive information is not stolen.
If malware author changes the destination address from local host to the attacker's website, sensitive information will be stolen.